As our semester wraps up, what was the idea/concept/topic that had the greatest impact, and why?
Week 12 & 13 – Wireless
For this week’s discussion, research an article describing a breach where wireless (Wifi) was the entry point for the breach.
What weaknesses in the configuration did the attackers use to enter their target’s system?
What countermeasures would you implement if you wanted to defend against this breach?
Please include the URL for the article, so that others can read the article(s).
Week 11: Share Your Experiences – Security Shepherd
During Week 11, what are your experiences with Security Shepherd?
Which deployment method (VMware / VirtualBox / Docker) did you choose, and why?
How many challenges did you complete?
When you encountered issues, what kind of steps did you take to resolve the issues and forge onward?
Week 09: In the News: Web Application Breach
To help us understand what can be obtained via a web application that has vulnerabilities, or weaknesses, that an untrusted outsider can take advantage of. Krebsonsecurity talks about a breach caused to a web application that they had purchased from Fiserv, resulting in customers being able to to view account data for other customers, including account number, balance, phone numbers and email addresses. (https://krebsonsecurity.com/tag/fiserv/)
For this week, research a recent breach announcement that was attributed to a web application failure. How did attackers misuse the website, and what were they able to obtain? How could the breach have been averted?
Week 08: Malware During CyberSecurity Awareness Month
Let’s continue to discuss malware during CyberSecurity Awareness Month, and we’ll refer to the video series we looked at previously at https://staysafeonline.org/resource/security-awareness-episodes/ , specifically the following Episode 5: Removable Media, if you’ve not watched it already.
Research, and describe, a news articles describing a publicly-disclosed breach that can be tied to the use of removable media as the entry.
Also, for “bonus points”, what other security errors do you see in this episode? (https://staysafeonline.org/blog/security-best-practices-for-removable-media-and-devices/)
Week 7: More on Vishing
During class, we talked about Vishing. Below is a link to a short video that shows an IT professional being duped after receiving compliments, a promise of an award, in exchange for his contact details and credit card information to pay for shipping the “reward”.
After watching your video at https://youtu.be/D_yAYhjNE-0 , What social engineering tactics did you observe in the video?
Week 05: Open Source – In the News
- An article describing an organization or development team’s success (or failure) due to using ‘Open Source’ components.
- A breach or compromise that was attributed to the use of open-source components. For this option, please note if there were any mitigating factors that the organization should have considered.
- Other considerations concerning the use of open-source components and/or operating systems.
Remember to include the URL of the article being referenced.
Week 05 – Open Source vs Commercial
During this week, we talked about some additional scanning products used in Ethical Hacking. While many are open source, we also mentioned that there are some products that are commercial, and require a paid license.
During your trial of Kali, so far, have you found any interesting tools that you want to spend more time with?
While not disclosing your employer’s name, are you aware of tools that your employer currently uses?
Week 04: Vulnerability Scanning – In the News
- Vulnerability Scanning being added as a regulatory or compliance issue.
- A recent breach where vulnerability scanning, part of a vulnerability management program, would have prevented or minimized the impact of.
- Recent strategies, such as new vulnerability scanning techniques.
Remember to include the URL of the article being referenced.
Week 03: Virtualization Security Issues – In the News
For this discussion question, research an current article related to virtualization, such as:
- How virtualization weaknesses could be exploited during an attack.
- Creative uses of a virtualization environment for testing purposes.
Remember to include the URL of the article being referenced.